Accessing the CLI Using a Router Console

There are two serial ports: a console (CON) port and an auxiliary (AUX) port. Use the CON port to access the command-line interface (CLI) directly or when using Telnet.
The following sections describe the main methods of accessing the router:

Connecting to the Console Port

Step 2 Connect to the CON port using the RJ-45-to-RJ-45 cable and RJ-45-to-DB-25 DTE adapter or using the RJ-45-to-DB-9 DTE adapter (labeled “Terminal”).

Using the Console Interface

Step 1 The following prompt appears when you are in user EXEC mode.

Router>

Step 2 Enter the
enable
command.

Router> enable

Step 3 At the password prompt, enter your system password. If an enable password has not been set on your system, this step may be skipped.
The following example shows the entry of a password called “enablepass”:

Accessing the CLI from a Remote Console Using Telnet

Preparing to Connect to the Router Console Using Telnet

Before you can access the router remotely using Telnet from a TCP/IP network, you need to configure the router to support virtual terminal lines (VTYs) using the
line vty
global configuration command. You configure the VTYs to require users to log in and specify a password.

To prevent disabling login on the line, specify a password with the
password
command when you configure the
login
command.

If you are using authentication, authorization, and accounting (AAA), you should configure the
login authentication
command. To prevent disabling login on the line for AAA authentication when you configure a list with the
login authentication
command, you must also configure that list using the
aaa authentication login
global configuration command.

In addition, before you can make a Telnet connection to the router, you must have a valid hostname for the router or have an IP address configured on the router. For more information about requirements for connecting to the router using Telnet, information about customizing your Telnet services, and using Telnet key sequences, see the Cisco IOS Configuration Fundamentals Configuration Guide
.

Using Telnet to Access a Console Interface

Step 1 From your terminal or PC, enter one of the following commands:

connect
host
[
port
] [
keyword
]

telnet
host
[
port
] [
keyword
]

where
host
is the router hostname or an IP address,
port
is a decimal port number (23 is the default), and
keyword
is a supported keyword. For more information about these commands, see theCisco IOS Terminal Services Command Reference
.

Note If you are using an access server, then you will need to specify a valid port number such as telnet 172.20.52.40 2004, in addition to the hostname or IP address.

The following example shows the
telnet
command to connect to the router named “router”:

unix_host% telnet router

Trying 172.20.52.40...

Connected to 172.20.52.40.

Escape character is '^]'.

unix_host% connect

Step 2 Enter your login password. The following example shows entry of the password called “mypass”:

User Access Verification

Password: mypass

Note If no password has been configured, press Return.

Step 3 From user EXEC mode, enter the
enable
command as shown in the following example:

Router> enable

Step 4 At the password prompt, enter your system password. The following example shows entry of the password called enablepass:

Recall commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands.

Ctrl-N
or the
Down Arrow
key
1

Return to more recent commands in the history buffer after recalling commands with
Ctrl-P
or the
Up Arrow
key.

Router#
show history

While in EXEC mode, lists the last few commands you entered.

2.The arrow keys function only on ANSI-compatible terminals such as VT100s.

Understanding Command Modes

The command modes available in Cisco IOS XE are the same as those available in traditional Cisco IOS. Use the CLI to access Cisco IOS XE software. Because the CLI is divided into many different modes, the commands available to you at any given time depend on the mode that you are currently in. Entering a question mark (
?
) at the CLI prompt allows you to obtain a list of commands available for each command mode.

When you log in to the CLI, you are in user EXEC mode. User EXEC mode contains only a limited subset of commands. To have access to all commands, you must enter privileged EXEC mode, normally by using a password. From privileged EXEC mode, you can issue any EXEC command—user or privileged mode—or you can enter global configuration mode. Most EXEC commands are one-time commands. For example,
show
commands show important status information, and
clear
commands clear counters or interfaces. The EXEC commands are not saved when the software reboots.

Configuration modes allow you to make changes to the running configuration. If you later save the running configuration to the startup configuration, these changed commands are stored when the software is rebooted. To enter specific configuration modes, you must start at global configuration mode. From global configuration mode, you can enter interface configuration mode and a variety of other modes, such as protocol-specific modes.

ROM monitor mode is a separate mode used when the Cisco IOS XE software cannot load properly. If a valid software image is not found when the software boots or if the configuration file is corrupted at startup, the software might enter ROM monitor mode.

Table 2-3 describes how to access and exit various common command modes of the Cisco IOS XE software. It also shows examples of the prompts displayed for each mode.

Table 2-3 Accessing and Exiting Command Modes

Command Mode

Access Method

Prompt

Exit Method

User EXEC

Log in.

Router>

Use the
logout
command.

Privileged EXEC

From user EXEC mode, use the
enable
command.

Router#

To return to user EXEC mode, use the
disable
command.

Global
configuration

From privileged EXEC mode, use the
configure terminal
command.

Router(config)#

To return to privileged EXEC mode from global configuration mode, use the
exit
or
end
command.

Interface
configuration

From global configuration mode, specify an interface using an
interface
command.

Router(config-if)#

To return to global configuration mode, use the
exit
command.

To return to privileged EXEC mode, use the
end
command.

Diagnostic

The router boots up or accesses diagnostic mode in the following scenarios:

In some cases, diagnostic mode will be reached when the IOS process or processes fail. In most scenarios, however, the router will reload.

A user-configured access policy was configured using the
transport-map
command that directed the user into diagnostic mode.

A break signal (
Ctrl-C
,
Ctrl-Shift-6
, or the
send break
command
) was entered and the router was configured to go into diagnostic mode when the break signal was received.

Router(diag)#

If the IOS process failing is the reason for entering diagnostic mode, the IOS problem must be resolved and the router rebooted to get out of diagnostic mode.

If the router is in diagnostic mode because of a transport-map configuration, access the router through another port or using a method that is configured to connect to the Cisco IOS CLI.

ROM monitor

From privileged EXEC mode, use the
reload
EXEC command. Press the
Break
key during the first 60 seconds while the system is booting.

rommon#>

To exit ROM monitor mode (ROMMON), manually boot a valid image or do a reset with autoboot set so that a valid image is loaded.

Understanding Diagnostic Mode

The router boots up or accesses diagnostic mode in the following scenarios:

The IOS process or processes fail, in some scenarios. In other scenarios, the system will simply reset when the IOS process or processes fail.

A user-configured access policy was configured using the
transport-map
command that directs the user into diagnostic mode.

A send break signal (
Ctrl-C
or
Ctrl-Shift-6
) was entered while accessing the router, and the router was configured to enter diagnostic mode when a break signal was sent.

In diagnostic mode, a subset of the commands that are available in user EXEC mode are made available to users. Among other things, these commands can be used to:

Inspect various states on the router, including the IOS state.

Replace or roll back the configuration.

Provide methods of restarting the IOS or other processes.

Reboot hardware, such as the entire router, a module, or possibly other hardware components.

Transfer files into or off of the router using remote access methods such as FTP, TFTP, and SCP.

Diagnostic mode provides a more comprehensive user interface for troubleshooting than previous routers, which relied on limited access methods during failures, such as ROMMON, to diagnose and troubleshoot Cisco IOS problems. Diagnostic mode commands can work when the Cisco IOS process is not working properly. All of these commands are also available in privileged EXEC mode on the router when the router is working normally.

Getting Help

Entering a question mark (
?
) at the CLI prompt displays a list of commands available for each command mode. You can also get a list of keywords and arguments associated with any command by using the context-sensitive help feature.

To get help specific to a command mode, a command, a keyword, or an argument, use one of the following commands:

Table 2-4 Help Commands and Purpose

Command

Purpose

help

Provides a brief description of the help system in any command mode.

abbreviated-command-entry
?

Provides a list of commands that begin with a particular character string. (No space between the command and the question mark.)

abbreviated-command-entry
<
Tab
>

Completes a partial command name.

?

Lists all commands available for a particular command mode.

command
?

Lists the keywords or arguments that you must enter next on the command line. (Space between the command and the question mark.)

Example: Finding Command Options

This section provides an example of how to display syntax for a command. The syntax can consist of optional or required keywords and arguments. To display keywords and arguments for a command, enter a question mark (
?
) at the configuration prompt or after entering part of a command followed by a space. The Cisco IOS XE software displays a list and brief description of available keywords and arguments. For example, if you were in global configuration mode and wanted to see all the keywords and arguments for the
arap
command, you would type
arap ?
.

The <cr> symbol in command help output stands for “carriage return.” On older keyboards, the carriage return key is the Return key. On most modern keyboards, the carriage return key is the Enter key. The <cr> symbol at the end of command help output indicates that you have the option to press
Enter
to complete the command and that the arguments and keywords in the list preceding the <cr> symbol are optional. The <cr> symbol by itself indicates that no more arguments or keywords are available and that you must press
Enter
to complete the command.

Table 2-5 shows examples of how you can use the
question mark (
?
)
to assist you in entering commands.

Table 2-5 Finding Command Options

Command

Comment

Router>
enable

Password:
<password>

Router#

Enter the
enable
command and password to access privileged EXEC commands. You are in privileged EXEC mode when the prompt changes to a “
#
” from the “
>
”; for example,
Router> to Router#
.

Router#
configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#

Enter the
configure terminal
privileged EXEC command to enter global configuration mode. You are in global configuration mode when the prompt changes to
Router(config)#
.

Router(config)#
interface GigabitEthernet ?

<0-0> GigabitEthernet interface number

<0-2> GigabitEthernet interface number

Router(config)#
interface GigabitEthernet 1/?

<0-4> Port Adapter number

Router (config)#
interface GigabitEthernet 1/3/?

<0-15> GigabitEthernet interface number

Router (config)#
interface GigabitEthernet 1/3/8?

. <0-3>

Router (config)#
interface GigabitEthernet 1/3/8.0

Router(config-if)#

Enter interface configuration mode by specifying the interface that you want to configure using the
interface GigabitEthernet
global configuration command.

Enter
?
to display what you must enter next on the command line.

When the <cr> symbol is displayed, you can press Enter to complete the command.

You are in interface configuration mode when the prompt changes to
Router(config-if)#
.

Router(config-if)#
?

Interface configuration commands:

.

.

.

ip Interface Internet Protocol

config commands

keepalive Enable keepalive

lan-name LAN Name command

llc2 LLC2 Interface Subcommands

load-interval Specify interval for load calculation for an interface

locaddr-priority Assign a priority group

logging Configure logging for interface

loopback Configure internal loopback on an

interface

mac-address Manually set interface MAC address

mls mls router sub/interface commands

mpoa MPOA interface configuration commands

mtu Set the interface

Maximum Transmission Unit (MTU)

netbios Use a defined NETBIOS access list

or enable

name-caching

no Negate a command or set its defaults

nrzi-encoding Enable use of NRZI encoding

ntp Configure NTP

.

.

.

Router(config-if)#

Enter
?
to display a list of all the interface configuration commands available for the interface. This example shows only some of the available interface configuration commands.

Router(config-if)#
ip ?

Interface IP configuration subcommands:

access-group Specify access control for packets

accounting Enable IP accounting on this interface

address Set the IP address of an interface

authentication authentication subcommands

bandwidth-percent Set EIGRP bandwidth limit

broadcast-address Set the broadcast address of an interface

cgmp Enable/disable CGMP

directed-broadcast Enable forwarding of directed broadcasts

dvmrp DVMRP interface commands

hello-interval Configures IP-EIGRP hello interval

helper-address Specify a destination address for UDP broadcasts

hold-time Configures IP-EIGRP hold time

.

.

.

Router(config-if)#
ip

Enter the command that you want to configure for the interface. This example uses the
ip
command.

Enter
?
to display what you must enter next on the command line. This example shows only some of the available interface IP configuration commands.

Router(config-if)#
ip address ?

A.B.C.D IP address

negotiated IP Address negotiated over PPP

Router(config-if)#
ip address

Enter the command that you want to configure for the interface. This example uses the
ip address
command.

Enter
?
to display what you must enter next on the command line. In this example, you must enter an IP address or the
negotiated
keyword.

A carriage return (<cr>) is not displayed; therefore, you must enter additional keywords or arguments to complete the command.

Router(config-if)#
ip address 172.16.0.1 ?

A.B.C.D IP subnet mask

Router(config-if)#
ip address 172.16.0.1

Enter the keyword or argument that you want to use. This example uses the 172.16.0.1 IP address.

Enter
?
to display what you must enter next on the command line. In this example, you must enter an IP subnet mask.

A <cr> is not displayed; therefore, you must enter additional keywords or arguments to complete the command.

Enter
?
to display what you must enter next on the command line. In this example, you can enter the
secondary
keyword, or you can press
Enter
.

A <cr> is displayed; you can press
Enter
to complete the command, or you can enter another keyword.

Router(config-if)#
ip address 172.16.0.1 255.255.255.0

Router(config-if)#

In this example,
Enter
is pressed to complete the command.

Using the no and default Forms of Commands

Almost every configuration command has a
no
form. In general, use the
no
form to disable a function. Use the command without the
no
keyword to re-enable a disabled function or to enable a function that is disabled by default. For example, IP routing is enabled by default. To disable IP routing, use the
no
ip routing
command; to re-enable IP routing, use the
ip routing
command. The Cisco IOS software
command reference
publications
provide the complete syntax for the configuration commands and describe what the
no
form of a command does.

Many CLI commands also have a
default
form. By issuing the command
default
command-name
, you can configure the command to its default setting. The Cisco IOS software command reference publications describe the function of the
default
form of the command when the
default
form performs a different function than the plain and
no
forms of the command. To see what default commands are available on your system, enter
default ?
in the appropriate command mode.

Saving Configuration Changes

Use the
copy running-config startup-config
command to save your configuration changes to the startup configuration so that the changes will not be lost if the software reloads or a power outage occurs. For example:

Router# copy running-config startup-config

Building configuration...

It might take a minute or two to save the configuration. After the configuration has been saved, the following output appears:

[OK]

Router#

This task saves the configuration to NVRAM.

Managing Configuration Files

The startup configuration file is stored in the nvram: file system and the running configuration files are stored in the system: file system. This configuration file storage setup is also used on several other Cisco router platforms.

As a matter of routine maintenance on any Cisco router, users should backup the startup configuration file by copying the startup configuration file from NVRAM onto one of the router’s other file systems and, additionally, onto a network server. Backing up the startup configuration file provides an easy method of recovering the startup configuration file if the startup configuration file in NVRAM becomes unusable for any reason.

Filtering Output from the show and more Commands

You can search and filter the output of
show
and
more
commands. This functionality is useful if you need to sort through large amounts of output or if you want to exclude output that you need not see.

To use this functionality, enter a
show
or
more
command followed by the “pipe” character ( | ); one of the keywords
begin
,
include
, or
exclude
; and a regular expression on which you want to search or filter (the expression is case sensitive):

Step 3 Wait for the ROMMON prompt to appear and place the power supply switch in the Off position.

Finding Support Information for Platforms and Cisco Software Images

Cisco IOS XE software is packaged in feature sets consisting of software images that support specific platforms. The group of feature sets that are available for a specific platform depends on which Cisco software images are included in a release. To identify the set of software images available in a specific release or to find out if a feature is available in a given Cisco IOS XE software image, you can useCisco Feature Navigator
or see the release notes for Cisco IOS XE
.

Using Cisco Feature Navigator

Use Cisco Feature Navigator
to find information about platform support and software image support. Cisco Feature Navigator is a tool that enables you to determine which Cisco IOS XE software images support a specific software release, feature set, or platform. To use the navigator tool, an account on Cisco.com is not required.

Using Software Advisor

Cisco maintains the Software Advisor tool—see Tools and Resources
. Use the Software Advisor tool to see if a feature is supported by a Cisco IOS XE release, to locate the software document for that feature, or to check the minimum software requirements of Cisco IOS XE software with the hardware installed on your router. You must be a registered user on Cisco.com to access this tool.

Using Software Release Notes

Release notes are intended to be release-specific for the most current release, and the information provided in these documents may not be cumulative in providing information about features that first appeared in previous releases. Refer to the Cisco Feature Navigator http://www.cisco.com/go/cfn/
for cumulative feature information.

CLI Session Management

Information About CLI Session Management

CLI sessions are managed. An inactivity timeout is configurable and enforced. Session locking provides protection from two users overwriting changes that each other has made. To prevent an internal process from using all of the available capacity, some spare capacity is reserved for CLI session access. For example, this allows a user to remotely access the router.

Changing the CLI Session Timeout

Step 1
configure terminal

Enters global configuration mode.

Step 2
line console 0

Step 3
session-timeout
minutes

The value of
minutes
sets the amount of time that the CLI waits before timing out. Setting the CLI session timeout increases the security of a CLI session. Specify a value of 0 for
minutes
to disable session timeout.

Step 4
show line console 0

Verifies the value to which the session timeout has been set, which is shown as the value for
“
Idle Session
”.

Locking a CLI Session

To configure a temporary password on a CLI session, use the
lock
command in EXEC mode. Before you can use the
lock
command, you need to configure the line using the
lockable
command. In this example the line is configured as
lockable
, and then the
lock
command is used and a temporary password is assigned.

Step 1
Router# configure terminal

Enters global configuration mode.

Step 2 Enter the line upon which you want to be able to use the
lock
command.